silversurfer
The Novter Trojan, also known as Nodersok or Divergent, is the latest Trojan to actively target Microsoft's Windows Defender by attempting to disable it.
Last week, three reports came out about a new fileless Trojan that installs Node.JS onto a victim's machine and configures it as a proxy server for click-fraud and other malicious activity. This Trojan is named by Microsoft as Nodersok, Divergent by Cisco Talos, and Novter by Trend Micro.
As previously explained by all three companies, when installed, Novter will execute a PowerShell script that disables Windows Defender and modifies Windows Update settings.
According to security researcher Vitali Kremez, who also reverse engineered Novter, the malware will add a variety of Windows policies that disable various functionality in Windows Defender.
Novter Trojan Sets its Sights on Microsoft Windows Defender
www.bleepingcomputer.com
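
A defender-side check for the behaviour described above, as an added example that is not part of the original post or the linked article: it audits the Windows Defender policy registry key for values that switch protection off and compares the result with the live engine state. The value names are documented Defender Group Policy settings picked for illustration; the post does not list which policies Novter writes, so treat the list as an assumption.

```powershell
# Added example: audit Windows Defender policy values that turn protection off.
# Assumption: the value names below are documented Defender Group Policy
# settings chosen for illustration, not a list taken from the Novter reports.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Sub-key (relative to $base), value name, and the data that means "disabled".
$checks = @(
    @{ Key = '';                     Name = 'DisableAntiSpyware';          Bad = 1 }
    @{ Key = 'Real-Time Protection'; Name = 'DisableRealtimeMonitoring';   Bad = 1 }
    @{ Key = 'Real-Time Protection'; Name = 'DisableBehaviorMonitoring';   Bad = 1 }
    @{ Key = 'Real-Time Protection'; Name = 'DisableOnAccessProtection';   Bad = 1 }
    @{ Key = 'Real-Time Protection'; Name = 'DisableScanOnRealtimeEnable'; Bad = 1 }
    @{ Key = 'Real-Time Protection'; Name = 'DisableIOAVProtection';       Bad = 1 }
    @{ Key = 'Spynet';               Name = 'SpynetReporting';             Bad = 0 }
)

$findings = foreach ($c in $checks) {
    $path = if ($c.Key) { Join-Path $base $c.Key } else { $base }
    # Missing keys or values are normal on an unmanaged host, so ignore errors.
    $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($c.Name) -eq $c.Bad) {
        [pscustomobject]@{ Path = $path; Value = $c.Name; Data = $item.($c.Name) }
    }
}

if ($findings) {
    Write-Warning 'Defender protection is switched off by policy:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No disabling Defender policy values found.'
}

# Cross-check the live engine state; policy and runtime state can disagree.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                      BehaviorMonitorEnabled, IoavProtectionEnabled
}
```

On a host where these policies are set deliberately by an administrator, the findings are expected; on an unmanaged workstation they warrant investigation.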